/usr/local/miolo2/classes/security/mpermsldap.class

00001 <?
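/**
 * Permission checker that reads per-user and per-group module rights from an
 * LDAP directory (objectClass mioloUserPermission / mioloGroupPermission).
 *
 * Security notes for maintainers:
 *  - Every value interpolated into an LDAP search filter goes through
 *    escapeLdapFilterValue(); the login id in particular is user-supplied.
 *  - Directory lookups fail closed: a missing connection or a failed search
 *    yields "no rights", never an implicit grant.
 *  - Values rendered into the access-denied page are HTML-escaped.
 */
class MPermsLdap extends MPerms
{
    // Authentication handler used to find out who is logged in.
    private $auth;

    // Maps the A_* action constants to textual privilege names.
    public  $perms;

    /**
     * Takes the auth handler from the manager and builds the action-name map.
     */
    public function __construct()
    {
        parent::__construct();
        $this->auth  = $this->manager->GetAuth();
        $this->perms = array
            (
            A_ACCESS  => "SELECT",
            A_INSERT  => "INSERT",
            A_DELETE  => "DELETE",
            A_UPDATE  => "UPDATE",
            A_EXECUTE => "EXECUTE",
            A_ADMIN   => "SYSTEM"
            );
    }

    /**
     * Replaces the authentication handler consulted by CheckAccess().
     *
     * NOTE(review): the LDAP lookups below use $this->manager->auth->conn, not
     * this handler, so a handler set here only affects the logged-in check.
     *
     * @param object $auth authentication handler
     */
    public function setAuth($auth)
    {
        $this->auth = $auth;
    }

    /**
     * Decides whether the current user may perform $action on $module.
     *
     * @param string $module module being accessed
     * @param mixed  $action one of the A_* action constants
     * @param mixed  $deny   when truthy and access is refused, an error prompt
     *                       is shown; the value is forwarded to the manager's Prompt()
     * @param bool   $group  when true, group permissions are checked if the
     *                       user's own rights do not grant the action
     * @return bool true when access is granted, false otherwise
     */
    public function CheckAccess($module, $action, $deny = false, $group = false)
    {
        // Fail closed: the original left $ok undefined for anonymous users.
        $ok = false;

        if ($this->auth->IsLogged())
        {
            $login = $this->auth->GetLogin();  // MLogin object

            // The original also read $login->IsAdmin() but never used the
            // result; administrators get no implicit bypass in this check.
            $granted = $this->moduleRights($login, $module);
            if (!$granted)
            {
                // Nothing cached for this module: load the rights from LDAP.
                $login->setRights($this->GetRights($login->id));
                $granted = $this->moduleRights($login, $module);
            }

            // Compare as strings with strict matching. LDAP returns strings and
            // $action may be an int; a loose in_array() would let type juggling
            // (e.g. 0 == "abc" before PHP 8) turn into a grant.
            // NOTE(review): assumes the directory stores the action exactly as
            // (string) $action renders it - confirm against the LDAP schema.
            $ok = in_array((string) $action, array_map('strval', $granted), true);

            if (!$ok && $group)
            {
                $groups = $this->GetGroupsAllowed($module, $action);
                $ok     = count(array_intersect($groups, (array) $login->groups)) > 0;
            }
        }

        if (!$ok && $deny)
        {
            // The original interpolated an undefined $transaction here, so the
            // label was always empty. NOTE(review): $module is the closest
            // value in scope - confirm it is what should be displayed.
            $msg = _M('Access Denied') . "<br><br>\n" .
                   '<center><big><i><font color=red>' . _M('Transaction: ') .
                   htmlspecialchars((string) $module, ENT_QUOTES) .
                   "</font></i></big></center><br><br>\n" .
                   _M('Please inform a valid login/password to access this content.') . "<br>";

            // NOTE(review): this lists the logins that hold the right to a
            // caller who was just denied (possibly unauthenticated), which
            // discloses valid account names. Consider removing it or limiting
            // it to authenticated users.
            $users = $this->GetUsersAllowed($module, $action);

            if ($users)
            {
                // Logins come from the directory; escape them before they are
                // placed into the HTML of the prompt.
                $safeUsers = array_map('htmlspecialchars', $users);
                $msg .= "<br><br>\n" . _M('Users with access rights') . ":<ul><li>" . implode('<li>', $safeUsers) . '</ul>';
            }

            $go = $this->manager->history->Back('action');

            // The original passed an undefined $caption; null is the same value
            // without the undefined-variable notice.
            $error    = Prompt::Error($msg, $go, null, '');
            $loginUrl = $this->manager->getActionURL(
                $this->manager->getConf('login.module'),
                'login',
                null,
                array('return_to' => urlencode($this->manager->history->Top()))
            );
            $error->AddButton(_M('   Login   '), $loginUrl, '');
            $this->manager->Prompt($error, $deny);
        }

        return $ok;
    }

    /**
     * Returns the rights a user holds on a transaction, via the 'user'
     * business object.
     *
     * @param mixed  $transaction transaction identifier
     * @param string $login       login of the user to look up
     * @return mixed whatever the business object's GetTransactionRights() returns
     */
    public function GetTransactionRights($transaction, $login)
    {
        $user = $this->manager->GetBusinessMAD('user');
        $user->GetByLogin($login);

        return $user->GetTransactionRights($transaction);
    }

    /**
     * Loads a user's rights from LDAP.
     *
     * @param string $login login to look up
     * @return array module name => list of action values; empty when the
     *               search fails or finds nothing
     */
    public function GetRights($login)
    {
        $filter = '(&(objectClass=mioloUserPermission)(login='
                . $this->escapeLdapFilterValue($login) . '))';

        $this->manager->auth->connect();

        $info = $this->searchEntries($filter, array('miolomodulename', 'miolomoduleaction'));

        $rights = array();
        for ($i = 0; $i < $info['count']; $i++)
        {
            // Skip entries that lack a module name instead of indexing blindly.
            if (!isset($info[$i]['miolomodulename'][0]))
            {
                continue;
            }

            // NOTE(review): a second entry for the same module replaces the
            // first (original behaviour) - confirm that is intended.
            $module          = $info[$i]['miolomodulename'][0];
            $rights[$module] = array();

            $actions = isset($info[$i]['miolomoduleaction']) ? $info[$i]['miolomoduleaction'] : array();
            $total   = isset($actions['count']) ? $actions['count'] : 0;
            for ($j = 0; $j < $total; $j++)
            {
                $rights[$module][] = $actions[$j];
            }
        }

        return $rights;
    }

    /**
     * Returns the groups of a user, via the 'user' business object.
     *
     * @param string $login login of the user to look up
     * @return mixed whatever the business object's GetArrayGroups() returns
     */
    public function GetGroups($login)
    {
        $user = $this->manager->GetBusinessMAD('user');
        $user->GetByLogin($login);

        return $user->GetArrayGroups();
    }

    /**
     * Lists the logins that hold $action on $module according to LDAP.
     *
     * NOTE(review): unlike GetRights(), this method does not call connect();
     * without an open connection it now returns an empty list.
     *
     * @param string $module module name
     * @param mixed  $action one of the A_* action constants
     * @return array list of logins
     */
    public function GetUsersAllowed($module, $action = A_ACCESS)
    {
        $filter = '(&(objectClass=mioloUserPermission)(mioloModuleName='
                . $this->escapeLdapFilterValue($module) . ')(mioloModuleAction='
                . $this->escapeLdapFilterValue($action) . '))';

        return $this->firstValues($this->searchEntries($filter, array('login')), 'login');
    }

    /**
     * Lists the groups that hold $action on $module according to LDAP.
     *
     * NOTE(review): unlike GetRights(), this method does not call connect();
     * without an open connection it now returns an empty list (access denied).
     *
     * @param string $module module name
     * @param mixed  $action one of the A_* action constants
     * @return array list of group names
     */
    public function GetGroupsAllowed($module, $action = A_ACCESS)
    {
        $filter = '(&(objectClass=mioloGroupPermission)(mioloModuleName='
                . $this->escapeLdapFilterValue($module) . ')(mioloModuleAction='
                . $this->escapeLdapFilterValue($action) . '))';

        return $this->firstValues($this->searchEntries($filter, array('miologroup')), 'miologroup');
    }

    /**
     * Returns the cached rights of $login for $module, or an empty array when
     * none are cached or the cached value is not an array.
     */
    private function moduleRights($login, $module)
    {
        $rights = $login->rights;
        if (is_array($rights) && isset($rights[$module]) && is_array($rights[$module]))
        {
            return $rights[$module];
        }

        return array();
    }

    /**
     * Escapes a value for use inside an LDAP search filter (RFC 4515), so that
     * characters such as "*", "(" and ")" cannot change the filter's structure.
     */
    private function escapeLdapFilterValue($value)
    {
        $value = (string) $value;

        if (function_exists('ldap_escape'))
        {
            return ldap_escape($value, '', LDAP_ESCAPE_FILTER);
        }

        // Fallback for PHP builds without ldap_escape(). The backslash must be
        // replaced first so the escapes added afterwards are not re-escaped.
        return str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $value
        );
    }

    /**
     * Runs a search under the configured base DN and returns the entries in
     * ldap_get_entries() format. Returns array('count' => 0) when there is no
     * connection or the search fails, so callers fail closed.
     */
    private function searchEntries($filter, $attributes)
    {
        $MIOLO = $this->manager;
        $empty = array('count' => 0);
        $conn  = $MIOLO->auth->conn;

        if (!$conn)
        {
            return $empty;
        }

        $sr = ldap_search($conn, $MIOLO->getConf('login.ldap.base'), $filter, $attributes);
        if ($sr === false)
        {
            return $empty;
        }

        $info = ldap_get_entries($conn, $sr);

        return (is_array($info) && isset($info['count'])) ? $info : $empty;
    }

    /**
     * Collects the first value of $attribute from every entry that has one.
     */
    private function firstValues($info, $attribute)
    {
        $values = array();
        for ($i = 0; $i < $info['count']; $i++)
        {
            if (isset($info[$i][$attribute][0]))
            {
                $values[] = $info[$i][$attribute][0];
            }
        }

        return $values;
    }
}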
00140 ?>
CopyLeft (L) 2001-2006 - [MIOLO Development Team] SOLIS - Cooperativa de Soluções Livres - Lajeado/RS - Brasil